On Mon, Oct 29, 2012 at 8:04 PM, Matthew Woodward <m...@mattwoodward.com> wrote: > Semi-new to Django and working on my first "real" app, and I have a need > based on the user's credentials to display forms as either editable or > read-only. (Note this doesn't have anything to do with the Django admin in > case that has any bearing on the discussion.) > > Is there some fancy whiz-bang filter or middleware-type doo-dad (you can > tell I'm still learning all the terminology) that would easily make all form > fields read only? > > I thought about using javascript (this is an internal app so we can mandate > javascript be enabled) but before I went that route figured I'd ask if > anyone has had to do this and how they approached it. > > Personally I think it's weird to show someone a form they can't edit as > opposed to just dumping them to a static display page, but wasn't my call. > > Thanks! > > --
You *might* be able to do this with a class that you add to the form tag when you're read only, and CSS rules for the various types of inputs that make them disabled when used as a descendent of something with that class. You should still, of course, protect in the view against a disallowed user submitting the form -- we all know that bad guys can use firebug to modify the DOM, right? Another protective hack would be to omit the CSRF token when the form is read only. Bill -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
